git.baikalelectronics.ru Git - kernel.git/commit

author	Leonard Crestez <cdleonard@gmail.com>
	Fri, 15 Oct 2021 07:26:05 +0000 (10:26 +0300)
committer	David S. Miller <davem@davemloft.net>
	Fri, 15 Oct 2021 13:36:57 +0000 (14:36 +0100)
commit	0164b963cf29851643a4b45dfe0fe09ece31dab0
tree	a981e21276f7fac7082078a3d80a55854aafa181	tree \| snapshot
parent	52628af430e8ab302816315d58c986711b6247b1	commit \| diff

tcp: md5: Allow MD5SIG_FLAG_IFINDEX with ifindex=0

Multiple VRFs are generally meant to be "separate" but right now md5
keys for the default VRF also affect connections inside VRFs if the IP
addresses happen to overlap.

So far the combination of TCP_MD5SIG_FLAG_IFINDEX with tcpm_ifindex == 0
was an error, accept this to mean "key only applies to default VRF".
This is what applications using VRFs for traffic separation want.

Signed-off-by: Leonard Crestez <cdleonard@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/net/tcp.h		diff \| blob \| history
net/ipv4/tcp_ipv4.c		diff \| blob \| history
net/ipv6/tcp_ipv6.c		diff \| blob \| history